Using High Availability
Restarting the HA processes on a stopped primary unit
If you configured service monitoring on an active-passive HA group (see “Configuring service-based failover” on page 328) and either the primary unit or the secondary unit detects a service failure on the primary unit, the primary unit changes its effective HA mode of operation to off, stops processing email, and halts all of its HA processes.
After resolving the problem that caused the failure, you can use the following steps to restart the HA processes on the primary unit.
In this example, resolving this problem could be as simple as reconnecting the cable to the port2 network interface. Once the problem is resolved, use the following steps to restart the stopped primary unit.
To restart a stopped primary unit
- Log in to the web-based manager of the primary unit.
- Go to System > High Availability > Status.
- Select click HERE to restart the HA system.
The primary unit restarts and rejoins the HA group.
If a failover has occurred due to processes being stopped on the primary unit, and the secondary unit is currently acting as the primary unit, you can restore the primary and secondary units to acting in their configured roles. For details, see “click HERE to restore configured operating mode” on page 317.
Configuring the HA mode and group
The Configuration tab in the System > High Availability submenu lets you configure the high availability (HA) options, including:
- enabling HA
- selecting whether the HA group is active-passive or config-only in style (for information on the differences, see Table 31 on page 305)
- whether this individual FortiMail unit will act as a primary unit or a secondary unit in the cluster
- network interfaces that will be used for heartbeat and synchronization
- service monitor
For an explanation of active-passive and config-only, see “About high availability” on page 305.
HA settings, with the exception of Virtual IP Address settings, are not synchronized and must be configured separately on each primary and secondary unit.
You must maintain the physical link between the heartbeat and synchronization network interfaces. These connections enable cluster members to detect the responsiveness of other members, and to synchronize data. If they are interrupted, normal operation will be interrupted and, for active-passive HA groups, a failover will occur. For more information on heartbeat and synchronization, see “About the heartbeat and synchronization” on page 307.
For an active-passive HA group, or a config-only HA group consisting of only two FortiMail units, directly connect the heartbeat network interfaces using a crossover Ethernet cable. For a config-only HA group consisting of more than two FortiMail units, connect the heartbeat network interfaces through a switch, and do not connect this switch to your overall network.
To access this part of the web UI, your administrator account’s:
- Domain must be System
- access profile must have Read or Read-Write permission to the Others category
For details, see “About administrator account permissions and domains” on page 290.
To configure HA options
- Go to System > High Availability > Configuration.
The appearance of sections and the options in them options vary greatly with your choice in the Mode of operation drop-down-list.
Figure 131:Active-passive HA (primary unit)
Figure 132:Config-only HA (primary unit with three secondary units)
Figure 133:Config-only HA (secondary unit)
- Configure the following sections, as applicable:
- “Configuring the primary HA options” on page 321
- “Configuring the master configuration IP” on page 322
- “Configuring the backup options” on page 322
- “Configuring the advanced options” on page 323
- “Configuring the slave system options” on page 324
- “Storing mail data on a NAS server” on page 325
- “Configuring interface monitoring” on page 325 “Configuring service-based failover” on page 328
- Click Apply.
Configuring the primary HA options
Go to System > High Availability > Configuration and click the arrow to expand the HA configuration section, if needed. The options presented vary greatly depending on your choice in the Mode of operation drop-down-list.
Table 36: HA main options
|Mode of operation||Enables or disables HA, selects active-passive or config-only HA, and selects the initial configured role this FortiMail unit in the HA group.
• off: The FortiMail unit is not operating in HA mode.
• master: The FortiMail unit is the primary unit in an active-passive HA group.
• slave: The FortiMail unit is the secondary unit in an active-passive HA group.
• config master: The FortiMail unit is the primary unit in a config-only HA group.
• config slave: The FortiMail unit is a secondary unit in a config-only HA group.
Caution: For config-only HA, if the FortiMail unit is operating in server mode, you must store mail data externally, on a NAS server. Failure to store mail data externally could result in mailboxes and other data scattered over multiple FortiMail units. For details on configuring NAS, see “Storing mail data on a NAS server” on page 325 and “Selecting the mail data storage location” on page 376
Table 36: HA main options
|On failure||Select one of the following behaviors of the primary unit when it detects a failure, such as on a power failure or from service/interface monitoring.
• switch off: Do not process email or join the HA group until you manually select the effective operating mode (see “click HERE to restart the HA system” on page 317 and “click HERE to restore configured operating mode” on page 317).
• wait for recovery then restore original role: On recovery, the failed primary unit‘s effective HA mode of operation resumes its configured master role. This also means that the secondary unit needs to give back the master role to the primary unit. This behavior may be useful if the cause of failure is temporary and rare, but may cause problems if the cause of failure is permanent or persistent.
• wait for recovery then restore slave role: On recovery, the failed primary unit’s effective HA mode of operation becomes slave, and the secondary unit continue to assume the master role. The primary unit then synchronizes the content of its MTA queue directories with the current master unit. The new master unit can then deliver email that existed in the former primary unit’s MTA queue at the time of the failover. For information on manually restoring the FortiMail unit to acting in its configured HA mode of operation, see “click HERE to restore configured operating mode” on page 317.
In most cases, you should select the wait for recovery then restore slave role option.
For details on the effects of this option on the Effective Operating Mode, see Table . For information on configuring service/interface monitoring, see “Configuring service-based failover” on page 328.
This option appears only if Mode of operation is master.
|Shared password||Enter an HA password for the HA group. You must configure the same Shared password value on both the primary and secondary units.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos
Leave a Reply